|
By Robert Siciliano
In the early days of
the web, cybersquatting was a concern among corporations who were late
to the game in getting their domain names. I had a little battle with LedZeppelin.com that I regret, but that’s another story.
Today
that same battle is being played out in social media. Anyone can
register any brand or likeness on social media with very little
difficulty, and it’s free. Once the scammer owns your name, they can
pose as you, blog as you, and comment as you.
The basis of much
of this social media identity theft, or “impostering,” revolves around
social engineering. When a profile claims to represent a certain person
or brand, it is generally taken at face value. Lies propagated from such
a credible source are likely to be taken as fact for quite a long time,
if not indefinitely.
1. Someone may want to seize your C-level
executive’s name on Facebook, LinkedIn, or Twitter, posing as that
person in order to gather marketing intelligence. Once they are “linked”
or “friended,” they have access to that person’s contacts and inner
circle.
2. Another tactic is to pose as a family member of an
executive, since on Facebook, parents and children are often “friends.”
Pretending to be the child of one executive “friending” another in order
to gather information is an effective con.
3. Given the
opportunity, companies will often take over social networking pages in
the name of a rival company. The competition, unable to use the page for
their own benefit, loses market share.
4. In other scenarios, the same social networking page or profile can be used to disparage or slander the competing company.
5. Or worse, it could be used to spread falsehoods or create fake contests or scams that inevitably damage the brand.
6.
There have been companies and individuals whose names or variations of
their names were hijacked in response to a customer service issue gone
wrong. The person then uses that platform to slam the company using the
company’s own name.
7. Employees who are unhappy with their jobs
can use social media to vent their frustration about their boss or
company. This can easily result in a public relations nightmare.
The
best thing to do is gather every possible brand name and individual
name that could be used against you. Even if you never use the site, you
own the name. This can be done manually for free or by paying a small
fee. I’ve done both.
Manually is very time consuming. One site that can help you do it yourself for free or provide full service for a fee is knowem.com.
Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses hackers hacking social media on Fox Boston. (Disclosures)
This article was published by Infosec Island.
Only registered users can write comments.
Please login or register. |
